The Manila Project is derived from the Cinder project and provides a canonical storage provisioning control plane in OpenStack for shared or distributed file systems similar to the way Cinder provides such a canonical control plane for block storage.
Similar to the VPSA Cinder Driver, the Manila VPSA drives provides a seamless management capabilities for VPSA volumes, in this case, NFS & SMB volumes without losing the added value provided by the VPSA Storage Array / All-Flash-Array
CAPABILITIES (*)
(*) Support tables are listed according to the Openstack feature set for share driver
OPENSTACK VERSION
Wallaby and later.
SUPPORTED SHARE TYPES
-
NFS
-
CIFS (SMB)
SUPPORTED FEATURES
Feature | Supported | Notes |
---|---|---|
Create/Delete Share | Yes | |
Manage unmanage share | Yes | |
Extend share | Yes | |
Create/delete snapshot | Yes | |
Create share from snapshot | Yes | |
Manage/Unmanage snapshot | Yes | |
Revert to snapshot | No | This capability is not supported by the VPSA. |
Mountable snapshot | No | This capability is not supported by the VPSA. |
SHARE DRIVERS AND SHARE ACCESS RULES SUPPORT
Read & Write | Read-Only |
---|---|
IPv4 - SMB & NFS | IPv4 - SMB & NFS |
SHARE DRIVER SECURITY SERVICES SUPPORT
- Active Directory support directly from the VPSA
SHARE DRIVERS AND COMMON CAPABILITIES
Capability | Support | Notes |
---|---|---|
DHSS True Mode | No | |
DHSS False Mode | Yes | |
Dedupe | Yes | By using a VPSA All-flash-array with the appropriate configuration parameter. |
Compression | Yes | By using a VPSA All-flash-array with the appropriate configuration parameter. |
Thin Provisioning | Yes | All VPSA volumes are thin provisioned by default. |
Thick Provisioning | No | Thick provisioning is not supported by the VPSA. |
QOS | No | |
Create Share From Snapshot | Yes | |
Revert to Snapshot | No | This capability is not supported by the VPSA. |
Mountable Snapshot | No | This capability is not supported by the VPSA. |
IPv4 Support | Yes | |
IPv6 Support | No | Can be considered in a future release |
PRE-REQUISITES
-
VPSA Version (20.12-SP1) & OpenStack Release (Wallaby)
The latest version of the driver is available out-of-the-box starting of the OpenStack Wallaby release. In case you are using an older OpenStack release, please contact Zadara Support. The driver is compatible with VPSA Storage Array/Flash Array 20.12-SP1 and later.
-
VPSA CONNECTIVITY
The VPSA Manila driver is assuming VPSA connectivity from both:-
Node level - the manila share services should have proper connectivity to the VPSA management interface (control path).
-
Openstack instances (VM) - instances should have access to the VPSA management IP in order to access the VPSA volumes via a dedicated provider network that should be set prior to the installation of the drivers (data path).
-
-
VPSA CONNECTIVITY INFORMATION
The Openstack operator should have access to the VPSA GUI/API in order to collect the general connectivity information such as IP and API access key that will be used for the driver configuration.
CONFIGURATION OPTIONS
GETTING STARTED
The Zadara VPSA Manila driver will accept the following driver parameters:
-
Open the manila.conf file for editing (normally located in
/etc/manila/manila.conf
) -
At the bottom of the configuration file, add a section for the Zadara VPSA backend driver. (i.e.
[zadaravpsa]
) -
Within the [DEFAULT] section, enable the Zadara VPSA backend by applying the backend name in the
enabled_share_backends
.
i.e.enabled_share_backends = zadaravpsa
-
Within the [DEFAULT] section, enable both NFS & CIFS protocols
enabled_share_protocols = NFS,CIFS
-
Within the driver section, set the following parameters:
[zadaravpsa] driver_handles_share_servers = false zadara_vpsa_host = <The VPSA domain name or IP address> zadara_vpsa_port = 80 <80 for HTTP or 443 for HTTPS> zadara_access_key = <The VPSA API Access Key> zadara_vpsa_poolname = <The VPSA Pool id ex. pool-00010001> share_backend_name = zadaravpsa share_driver = manila.share.drivers.zadara.zadara.ZadaraVPSAShareDriver
-
Save the configuration file.
-
Restart the Manila services.
DRIVER OPTIONS
Configuration option = Default value | Description |
---|---|
zadara_vpsa_host | VPSA - Management Host name or IP address |
zadara_vpsa_port | VPSA - Port number |
zadara_vpsa_use_ssl = False | VPSA - Use SSL connection |
zadara_ssl_cert_verify = True | If set to True the http client will validate the SSL certificate of the VPSA endpoint |
zadara_driver_ssl_cert_path = None | Can be used to specify a non default path to a CA_BUNDLE file or directory with certificates of trusted CAs |
zadara_access_key | VPSA access key |
zadara_vpsa_poolname | VPSA - Storage Pool assigned for volumes |
zadara_vol_encrypt = True | VPSA - Default encryption policy for volumes |
zadara_gen3_vol_dedupe = True | VPSA - Default encryption policy for volumes |
zadara_gen3_vol_compress = False | VPSA - Enable compression for volumes |
zadara_vol_name_template = ‘OS_%s’ | VPSA - Default template for VPSA volume names |
zadara_share_name_template = ‘OS_share-%s’ | VPSA - Default template for VPSA share names |
zadara_share_snap_name_template = ‘OS_share-snapshot-%s’ | VPSA - Default template for VPSA share snapshot names |
zadara_default_snap_policy = False | VPSA - Attach snapshot policy for volumes |
CONFIGURATION EXAMPLES
[DEFAULT]
enabled_share_backends = zadaravpsa1,zadaravpsa2
enabled_share_protocols = NFS,CIFS
default_share_type = zadaravpsa1
[zadaravpsa1]
driver_handles_share_servers = False
zadara_vpsa_host = vsa-00000010-mycloud.zadaravpsa.com
zadara_vpsa_port = 443
zadara_access_key = MYSUPERSECRETACCESSKEY
zadara_vpsa_poolname = pool-00010001
share_backend_name = zadaravpsa1
zadara_ssl_cert_verify = true
zadara_vpsa_use_ssl = false
zadara_gen3_vol_compress = true
zadara_gen3_vol_dedupe = true
share_driver = manila.share.drivers.zadara.zadara.ZadaraVPSAShareDriver
[zadaravpsa2]
driver_handles_share_servers = False
zadara_vpsa_host = 10.2.6.22
zadara_vpsa_port = 80
zadara_access_key = MYSUPERSECRETACCESSKEY
zadara_vpsa_poolname = pool-00010001
share_backend_name = zadaravpsa2
zadara_ssl_cert_verify = false
zadara_vpsa_use_ssl = false
zadara_gen3_vol_compress = true
zadara_gen3_vol_dedupe = false
share_driver = manila.share.drivers.zadara.zadara.ZadaraVPSAShareDriver
USAGE EXAMPLES
CREATE A SHARE TYPE
$ manila type-create zadaravpsa false
$ manila type-key zadaravpsa set share_backend_name='zadaravpsa'
CREATE A SHARE
$ manila create --name nfs\_share --share-type zadaravpsa nfs 100
A new NFS share will be created in presented in Manila, in the VPSA graphical interface the actual volume is presented:
+--------------------------------------+-----------+------+-------------+-----------+-----------+-----------------+
| ID | Name | Size | Share Proto | Status | Is Public | Share Type Name |
+--------------------------------------+-----------+------+-------------+-----------+-----------+-----------------+
| 10f83800-cb1a-4f58-ac6c-05328dc53453 | nfs_share | 100 | NFS | available | False | zadaravpsa |
+--------------------------------------+-----------+------+-------------+-----------+-----------+-----------------+
ATTACH A SHARE TO A SERVER (ALLOW ACCESS)
In the following example, access permission will be granted to all instances reside in subnet 192.168.0.0/24.
List existing permissions for a given share
$ manila access-list 10f83800-cb1a-4f58-ac6c-05328dc53453
The expected result is an empty list as permissions were not set for this share.
Allow access to 192.168.0.0/24 CIDR
$ manila access-allow 10f83800-cb1a-4f58-ac6c-05328dc53453 ip 192.168.0.0/24
Listing the permissions for the share will display the recently added permissions:
+---------------------------------------+-------------+----------------+--------------+--------+------------+----------------------------+----------+
| id | access_type | access_to | access_level | state | access_key | created_at | updated_at |
+--------------------------------------+-------------+----------------+--------------+--------+------------+----------------------------+------------+
| 2087ae56-7a99-46ad-b238-f2410ce6b063 | ip | 192.168.0.0/24 | rw | active | None | 2020-11-16T13:22:14.000000 | None |
+--------------------------------------+-------------+----------------+--------------+--------+------------+----------------------------+------------+
On the VPSA end, few actions were triggered by the permissions operation:
-
Server element was created for CIDR - 192.168.0.0/24
-
The volume (share) was attached to the server element with NFS access type.
MANAGE A SHARE
Manage a share will allow the OpenStack administrator to “manage” an existing VPSA volume. In other words, Manila will take ownership for managing an existing share.
In this example, we have a pre-existing share, as described in the screenshot below:
In order to manage the volume, the following manila command should be used:
$ manila manage --share_type zadaravpsa \
devstack-bm@zadaravpsa#pool-00010002 nfs \
172.49.224.105:/export/manage_me
The volume will be renamed (VPSA side) to match the Manila naming convention
UNMANAGE A SHARE
An existing share created by Manila can be “unmanaged”, Manila will clear its association in the Manila DB.
$ manila unmanage ec2c8e86-5739-47a3-a16b-015c5be5728b
MANAGE A SNAPSHOT
In a similar way to the manage/unmanage volume capability, the VPSA Manila driver will allow managing an existing snapshot for a share that was not created using the Manila driver.
Upon successful completion, the snapshot name will be renamed to match the Manila naming convention.
$ manila snapshot-manage 10f83800-cb1a-4f58-ac6c-05328dc53453 snap-0000000b
+-------------------+--------------------------------------+
| Property | Value |
+-------------------+--------------------------------------+
| id | 115584f4-2bbb-489d-9714-80d723d89e15 |
| share_id | 10f83800-cb1a-4f58-ac6c-05328dc53453 |
| share_size | 100 |
| created_at | 2020-11-16T14:46:33.066878 |
| status | manage_starting |
| name | None |
| description | None |
| size | None |
| share_proto | NFS |
| provider_location | snap-0000000b |
| user_id | 73ffc698829e4cdab06f961c326dc361 |
| project_id | 3d8c131e77214c9a9f96e7f0666e0cdd |
+-------------------+--------------------------------------+
$ manila snapshot-list
+--------------------------------------+--------------------------------------+-----------+------+------------+
| ID | Share ID | Status | Name | Share Size |
+--------------------------------------+--------------------------------------+-----------+------+------------+
| 115584f4-2bbb-489d-9714-80d723d89e15 | 10f83800-cb1a-4f58-ac6c-05328dc53453 | available | None | 100 |
+--------------------------------------+--------------------------------------+-----------+------+------------+
UNMANAGE SNAPSHOT
In a similar way, Manila can stop managing an existing snapshot.
$ manila snapshot-unmanage 115584f4-2bbb-489d-9714-80d723d89e15
SETTING VPSA PARAMETER USING MANILA METADATA
The VPSA allows greater flexibility with various SMB&NFS options, these options are not available when using Manila options. The Zadara VPSA Share driver can accept additional configuration options as metadata volumes during the volume creation.
SUPPORTED PARAMETERS
SMB VOLUME OPTIONS
- smbguest, String - YES, NO, Allow/disallow SMB guest access for a Share.
- smbonly, String - YES, NO, Allow/disallow SMB access only for a share.
- smbwindowsacl, String - YES, NO, Enable/disabled enhanced Windows ACL for a share.
- smbfilecreatemask, String, Set file creation permission for a Share.
- smbbrowseable, String - YES, NO, Allow/disallow SMB to be browsable.
- smbhiddenfiles, String, SMB files to hide.
- smbhideunreadable, String - YES, NO, hide/show SMB unreadable files.
- smbhideunwriteable, String - YES, NO.
- smbhidedotfiles, String - YES, NO, hide/show SMB un writeable files.
- smbstoredosattributes, String - YES, NO, enable/disable SMB store dos attributes.
- smbdircreatemask, String, Set directory creation permission for a Share.
- smbmaparchive, String - YES, NO, Set map archive for smb Share.
- smbencryptionmode, String - off, desired, required, Set encryption mode for smb Share.
- smbenableoplocks, String - YES, NO, Set if smb oplocks enabled.
- smbaiosize, String - 16384 (ON), 1 (OFF), Set the SMB IO size.
NFS VOLUME OPTIONS
- nfsrootsquash, String - YES, NO, Set root squash for nfs mount
- nfsallsquash, String - YES, NO, Set all squash for nfs mount
- nfsanongid, Integer, Set anonymous GID for nfs mount (0 is reserved for default)
- nfsanonuid, Integer, Set anonymous UID for nfs mount (0 is reserved for default)
GENERAL SETTINGS
- atimeupdate, String - YES, NO, Enable/disable atime updates for a Share.
- readaheadkb, String - 16, 64, 128, 256, 512, Set Read Ahead Value (KB)
The following general options allows the administrator to override the global options set by the backend configuration, for example - the ability to create a volume without encryption where the global configuration enforce encryption for all new volumes.
- crypt, String - YES, NO, Enable encryption for this Volume.
- attachpolicies, String - YES, NO, Attach default policies.
- dedupe Flash Optimized String - YES, NO Enable Dedupe For Volume.
- compress Flash Optimized String - YES, NO Enable compress For Volume.
EXAMPLES
-
Create a VPSA NAS share with SMB guest access:
$ manila create --name SMB_SHARE --share-type zadara cifs 10 --metadata smbguest=YES
-
Create an VPSA NAS share with root squash:
$ manila create --name NFS_SHARE --share-type zadara nfs 1 --metadata nfsrootsquash=YES
KNOWN LIMITATIONS
-
Microsoft Active Directory should be used from the SMB user permissions scope.